Gateway | Social IdP Integration

Adding additional Service Providers with same social provider API integrations

You may decide to use the same Social Identity Provider integration across multiple Service Providers in your organization. For a single service, you may have different dev, test, and production instances where you want to share the same API Key and Secret. Or, you may wish to have the same unique identifier for all Facebook users (Facebook and LinkedIn generate a unique identifier which is tied to a particular API integration, similar to an eduPersonTargetedID).

This article contains instructions for settings in the Cirrus Identity console that allow sharing an API Key and Secret with multiple Service Providers. 

For each social provider, you must set an API Key and Secret for the first SP. See Social Provider API Integrations for Your First Service Provider.

You can share this API Key and Secret across multiple Service Providers, but you must add a new authorized redirect URI for each Service Provider to the social provider's API settings.

Important note: Twitter does not support the addition of authorized redirect URIs for more than one Service Provider.

To add a new Service Provider using the same API Key and Secret:

  1. Be sure you know the credentials for the user account at the social provider that was used with the initial API integration. 

  2. Log into the Cirrus Identity console and navigate under the MySPs tab to the Service Provider that has the existing API Key and Secret.

  3. Copy and paste the API Key and Secret from the existing Service Provider to the configuration page for the new Service Provider.

Then, still in the configuration page for the new Service Provider, on the right side of the screen, scroll down the API Setup Guide window until you find the authorized redirect URI generated by the console for the new Service Provider.

Copy the redirect URI for that provider. Then scroll back to the top of the API Setup Guide window and click the link to go to that provider's developer console.

Adding Authorized Redirect URIs to social provider developer consoles

Now you'll need to scroll down the API Setup Guide in the Cirrus console for each social provider and copy the authorized redirect URI for the new Service Provider you are setting up, and then navigate to the place in the social provider developer console where you can paste that into the API settings.

Please refer to the article on setting redirect URIs for instructions on where to paste those links you copy from the Cirrus console.

Adding Authorized Redirect URLs to social provider API settings

If you are sharing an API Key and Secret with more than one Service Provider, you will need to add an Authorized redirect URI for each Service Provider that shares the API key and secret. See this article for details of why you may want to do this. This article contains instructions for adding the Authorized Redirect URIs for social providers where appropriate. 

Note: AOL and Yahoo use OpenID so you do not need to set an API Key and Secret or an authorized redirect URI.

Note: Twitter does not support more than one Authorized Redirect URL for an integration, so you cannot share a Twitter API Key and Secret with more than one Service Provider.

To add Authorized Redirect URIs for each social provider:

  1. Make sure you have the credentials to the social provider developer console handy as you will need to update the settings there.

  2. In the Cirrus Console, choose the Service Provider from the drop-down list under the MySPs tab.

  3. Choose the social provider icon from the left nav bar

  4. Go to the API Setup Guide window on the right

  5. Scroll down to the authorized redirect URI the console has generated for that Service Provider

  6. Copy the authorized redirect URI

  7. Scroll back to the top of the API setup guide and click the link to log into the developer console for that social provider

  8. Find the place where you can add authorized redirect URIs (see below for instructions), and paste in the authorized redirect URI generated by the Cirrus console.

Facebook

Once logged in to the Facebook developers console:

Choose the Service Provider that is already integrated (the one with the API Key and Secret you are going to share with the new application).

On the dashboard, choose "settings" from the left nav bar

Choose "advanced" from the middle panel

Google

Once in the Google console, click "Enable APIs and Get Credentials Like Keys"

Choose the "Google + API"

Choose "Credentials" in the left nav bar

Choose the name of the integration in the middle panel

Paste the Authorized redirect URI you copied from the Cirrus console into the Google Cloud Platform console

LinkedIn

Log in to the developer's console

Choose the application that is already integrated (the one with the API Key and Secret you are going to share with the new application).

Scroll down to the field for adding redirect URIs

Twitter

Note: for Twitter you can add only ONE redirect URI, so you cannot share the same API Key and Secret across multiple Service Providers when you integrate with Twitter.

Log in to the developer's console

Choose settings from the top nav bar

Scroll down and paste the link into the "callback URL" box

Weibo

Log in to the Open Weibo site

Select the application under My Applications

Under the Application menu select Advanced

Click edit in the OAuth2.0 authorization settings and enter the link as the Authorization callback page

Microsoft

Log in to the developer's console

Navigate to settings

Choose the API settings tab

Scroll down and enter the "redirect URLs"

REMINDER: Yahoo uses OpenID, so you do not need to set an API Key and Secret or an authorized redirect URL.
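
The following Python check is an added example, not part of the Cirrus Identity console or documentation. It audits a shared-key setup against the rules above: every Service Provider sharing a key needs its own registered redirect URI, a Twitter key cannot be shared, and leftover URIs for retired instances should be removed. The inventory, key labels and example.org URIs are constructed placeholders, and the check assumes providers compare redirect URIs as exact strings.

```python
from collections import defaultdict

# Provider constraints as stated in this article.
SINGLE_REDIRECT = {"twitter"}     # one callback URL only, so a key cannot be shared
OPENID_NO_KEY = {"aol", "yahoo"}  # OpenID: no API Key/Secret or redirect URI to set

BASE = "https://gateway.example.org/cb"  # constructed placeholder, not a real Cirrus URI

# Constructed inventory: (Service Provider, social provider, shared key label,
# redirect URI copied from that SP's API Setup Guide window).
SP_CONFIG = [
    ("sp-prod", "google", "key-A", f"{BASE}/google/sp-prod"),
    ("sp-test", "google", "key-A", f"{BASE}/google/sp-test"),
    ("sp-prod", "twitter", "key-T", f"{BASE}/twitter/sp-prod"),
    ("sp-test", "twitter", "key-T", f"{BASE}/twitter/sp-test"),
    ("sp-prod", "yahoo", None, None),
]

# Constructed: URIs currently listed in each provider's developer console, per key.
REGISTERED = {
    ("google", "key-A"): {f"{BASE}/google/sp-prod", f"{BASE}/google/sp-old"},
    ("twitter", "key-T"): {f"{BASE}/twitter/sp-prod"},
}

def audit(sp_config, registered):
    """Return (subject, provider, issue) tuples for redirect URI mismatches."""
    findings, expected = [], defaultdict(dict)
    for sp, provider, key, uri in sp_config:
        if provider in OPENID_NO_KEY:
            continue  # nothing to register for OpenID providers
        expected[(provider, key)][uri] = sp
        # Exact string comparison: a trailing slash or scheme change is a miss.
        if uri not in registered.get((provider, key), set()):
            findings.append((sp, provider, "redirect-uri-not-registered"))
    for (provider, key), uris in expected.items():
        if provider in SINGLE_REDIRECT and len(uris) > 1:
            sps = ",".join(sorted(uris.values()))
            findings.append((sps, provider, "key-cannot-be-shared"))
        # Registered URIs that no current SP uses, e.g. a retired instance.
        for uri in sorted(registered.get((provider, key), set()) - set(uris)):
            findings.append((uri, provider, "stale-registered-uri"))
    return findings

if __name__ == "__main__":
    for subject, provider, issue in audit(SP_CONFIG, REGISTERED):
        print(f"{provider:8} {issue:28} {subject}")
```
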

Managing Social Provider Integrations

Your organization will need to set up the API integrations with each social identity provider. Because people and organization units come and go, you may want to consider the following options when deciding how to set up your API integrations:

  1. Google, Facebook, and LinkedIn allow you to add more than one administrator for an application integration with their identities. 

  2. Twitter, Weibo, and Microsoft allow only one account to administer the API integration.

  3. Yahoo is an OpenID provider and you don't need to set an API Key and Secret.

Twitter, Weibo, and Microsoft

Document the accounts you use to set up integrations with Twitter, Weibo, and/or Microsoft. You can send Cirrus Identity the account names you used (but not the credentials) and we'll keep track of them in case you forget in the future.

We highly recommend you establish multiple administrators. Below are instructions for setting more than one admin for Google. 

Remember that you can access the social provider API consoles by going to the Cirrus Console, choosing the social provider from the icons on the left, and then clicking the link on the right in the API integration instructions window.

Google

  • Log in to the developers console

  • From the Google Cloud Platform Dashboard, select the menu button in the far left

  • From the menu, choose "setting"

Adding multiple administrators for your API Integration with social identity providers

Your organization will need to set up the API integrations with each social identity provider. Because people and organization units come and go, you may want to consider the following options when deciding how to set up your API integrations:

  1. Google, Facebook, and LinkedIn allow you to add more than one administrator for an application integration with their identities. 

  2. Twitter and Microsoft allow only one account to administer the API integration.

  3. AOL and Yahoo are OpenID providers and you don't need to set an API Key and Secret.

Below are instructions for setting more than one admin for Google, Facebook, and LinkedIn. We highly recommend you establish multiple administrators.

If you are integrating with Twitter or Microsoft, be sure to document the accounts you used to set up the initial integrations. You can send Cirrus Identity the account names you used and we'll keep track of them in case you forget in the future.

Remember that you can access the social provider API consoles by going to the Cirrus Console, choosing the social provider from the icons on the left, and then clicking the link on the right in the API integration instructions window.

Google

  • Log in to the developers console

  • From the Google Cloud Platform Dashboard, select the menu button in the far left

  • From the menu, choose "Permissions" 

  • Then choose "Add Users"

Facebook

  • Log in to the Facebook developers console

  • From the Facebook developers console, select the application for which you're adding admins

  • From the menu in the left nav bar, choose "Roles" 

  • Then choose "Add Administrators"

LinkedIn

  • Log in to the LinkedIn developers console

  • From the LinkedIn developers console dashboard, select the application for which you're adding admins

  • From the menu on the left nav bar, choose "Roles" 

  • Then add developers to the input field (you will need to have a first level LinkedIn connection to the admins you add)
